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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in 
the application: 

Listing of Claims: 

1 . (Original) A method for providing scalable security services, comprising: 
instantiating at least one application on the computer system; and 
instantiating a Key Repository process on the computer system, the Key 

Repository process configured to 

manage sensitive information in a database on the computer system using 
at least one master l^ey, 

validate and record authorizatibns of specific applications to access 
sensitive information in the database, wherein each of the at least one application 
Is configured to query the Key Repository process for some or all of the sensitive 
information in the database, and 

in response to the query from a particular instance of the at least one 
application, provide to the particular instance of the at least one application the 
requested some or all of the sensitive information only if the Key Repository 
process authenticates the particular instance of the at least one application as 
being pre-authorized to receive the requested some or all of the sensitive 
information. 

2. (Original) The method of claim 1 , wherein the at least one master key is 
divided into a predetermined number of portions each of which associated with a 
passwonJ, and wherein the sensitive rnfomiation cannot be exposed without at 
least some or all of the predetermined number of passwords using a password- 
based private key encryption-decryption, 

3. (Original) The method of claim 1. wherein the Key Repository process is a 
centralized repository process for the at least one master key, as well as 
passwords, enterprise policy and policy decisions, authorizations to use 
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enterprise credentials and pre-authori2^tion and authentication of the at least one 
application. 

4. (Original) The method of claim 1 , wherein the at least one master key is 
configured as an encryption key that maintains the Integrity of and protects the 
sensitive Information. 

5. (Original) A cryptographic system in a computer system, the cryptographic 
system comprising: 

at least one server; 

a database, the database configured to contain sensitive infonmatlon, the 
database responsive to signals from one of the at least one server; 
at least one application on one of the at least one server; and 
a Key Repository process on one of the at least one server, the Key 
Repository process using at least one master key for managing the sensitive 
information in the database, the Key Repository process further configured to 
validate and record authorizations to access sensitive infonmation in the 
database, the at least one application configured to query the Key Repository 
process for some or all sensitive informatktn in the database, and, in response to 
the query from a particular instance of the at least one application, the Key 
Repository process further configured to provide the requested some or all of the 
sensitive infomiatlon to the particular instance of the at least one applk^ation but 
only if the Key Repository process authenticates the particular instance of the at 
least one application as being pre-authorized to receive the requested some or all 
of the sensitive Information. 

6. (Original) A cryptographic system as in claim 5, wherein the at least one 
master key maintains the integrity of and protects the sensitive infonmation in the 
database. 
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7. (Original) A cryptographic system as in claim 5, wherein the at least one 
master key provides privacy protection to the sensitive infbnmation on the 
database. 

8. (Original) A cryptographic system as in daim 5, wherein the sensitive 
information is a public key. 

9. (Original) A cryptographic system as in claim 5, wherein the isensitive 
information is a secret. 

10. (Original) A cryptographic system as in claim 5, wherein the sensitive 
information is a private key. 

11. (Original) A cryptographic system as in claim 5, wherein the sensitive 
informatton is a symmetric key. 

12. (Original) A cryptographic system as in claim 5, wherein the sensitive 
information is a certification authority certificate. 

13. (Original) A cryptographic system as in claim 5, wherein each of the at 
least one master key are kept in physical memory. 

14. (Original) A cryptographic system as in claim 5, wherein each of the at 
least one master key are kept in non-swappable physical memory. 

15. (Original) A cryptographic system as in claim 14, wherein the non- 
swappable physical memory is protected. 

16. (Original) A cryptographic system as in claim 5, wherein each of the at 
least one master key are kept In virtual memory. 
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17. (Original) A cryptographic system as In claim 5, wherein the at least one 
master key includes an integrity key configured to ensure the integrity of the 
sensitive information on the database. 

18. (Original) A cryptographic system as in claim 5, wherein the at least one 
master key includes a protection key configured to protect the sensitive 
information on the database. 

19. (Original) A cryptographic system as in claim 5, wherein the at least one 
application is a context-free server program. 

20. (Original) A cryptographic system as In claim 19, wherein the at least one 
application is configured to retain context information across one or more 
instantiations of the at least one application. 

21. (Original) A cryptographic system as in claim 20, wherein the context 
information includes sensitive data. 

22. (Original) A cryptographic system as In daim 19, vy^erein the at least one 
application is configured to convey sensitive context information, by encrypting 
the infomnation and then passing the information to a next Instance of the at least 
one application. 

23. (Original) A cryptographic system as in claim 9, wherein the secret is 
divided among a plurality of individuals. 

2426. (Cunrently amended) A cryptographic system as in claim 23, wherein the 
integrity of the secret that is controlled by a first indivklual is increased by linking 
the secret to a second secret, the second secret is revealed only with the 
cooperation of all or a predetermined number of the plurality of individuals. 
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25. (Original) A cryptographic , system as In claim 9, wherein the secret is 
protected by a password. 

26. (Original) A cryptographic system as in claim 25, wherein the secret can 
be updated in the absence of the password. 

27. (Original) A method for obtaining cryptographic credentials by an 
application running on a computer system, the method comprising the steps of: 

(a) providing a computer system having at least one server; 

(b) instantiating a Key Repository process on the computer system, the 
Key Repository process having a cryptographically protected database; 

(c) instantiating an application process on behalf of an end entity on 
the computer system, the end entity having credentials stored in the database; 

(d) requesting the Key Repository process for the credentials of the 
end entity by the application process; and 

(e) if the Key Repository process authenticates the application process 
as having been pre-authorized to have the credentials, building an encrypted 
credentials file and providing the application process with the file and a password 
for the file. 

28. (Currently amended) A method as In claim 27. the method further 
comprising the steps of: 

ffKe) instantiating a remote Key Repository process on a remote server. 

29. (Cunrently amended) A method as In claim 27, the method further 
comprising the step of: 

iEKe) instantiating a local agent on a remote server. 

30. (Cun-ently amended) A method as in claim 28. the method further 
comprising the step of: 
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. Igl<9 providing the Key Repository process witli a remote agent interface; 

and 

£hKg) linking the remote Key Repository process on the remote server to 
the Key Repository process via the remote agent interface. 

31. (Currently amended) A method as in claim 29, the method further 
comprising the step of: 

providing the Key Repository process with an agent interface; and 
ihXs) linking the local agent on the remote server to the Key Repository 
process via the agent interface. 
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